I blogged yesterday about the recently released KPMG survey of the software compliance industry.

One very interesting graph breaks down the percentage revenue derived by software vendors from their compliance programs:

The overall survey is framed as follows:

(KPMG) surveyed 31 software companies representing more than 50 percent of the revenue in the software industry, where enterprise software revenue is expected to total $301 billion in 2013 (Gartner).

If we take just 50% of that total US $301 billion enterprise software market (to represent – conservatively – the market share of the 31 companies that responded), and extrapolate from the mid-points of the buckets in the diagram (e.g. take “2% to less than 4%” as 3%), then we get an estimated figure for the total revenue derived from compliance programs of $3.99 billion.

That, of course, assumes an even distribution of software company sizes across each of the response levels. That’s not a sound assumption, but it could push the figure higher as well as lower. This also discounts the remainder of the enterprise market that did not respond to the survey, or were not surveyed, which could add an unknown amount to the figure. Additionally, the figure above uses a value of 10% for the “10% or more” bucket – in reality this is likely to sit somewhere over 10%, but we have no data to indicate by how much.

What seems safe to say is that response to compliance enforcement is costing enterprise software consumers billions of dollars, and there is a good chance that the overall figure will be in excess of US $4 billion.

It has been difficult, to date, to estimate a reliable market size for the Software Asset Management market (not least because it is difficult to define: how much of the market is already accounted for in estimates for technologies such as discovery and the IT Asset repository?). However, if the damage caused by a lack of control is already counted in the billions, this suggests a significant addressable market.

Even a modest 5% estimate for the market value of saved compliance penalties would suggest an overall market of $200 million for preventative SAM alone, and this is before we consider the value of optimization rather than threat reduction.